Andri Steiner
Single Sign-On
Years ago, we introduced LDAP into the TYPO3 universe and migrated all typo3.org frontend user accounts to LDAP accounts. Since then, we have connected more and more applications to LDAP, and today we finally have a central user database for all connected services.
Meanwhile, my.typo3.org was introduced to manage user identity and provide a single sign-on service to other applications powered by Keycloak.
Now, we have connected all supported applications directly to my.typo3.org, so there is no need to manually log in anymore. We implemented SAML single sign-on for the following applications:
- Discourse at talk.typo3.org
- Discourse at decisions.typo3.org
- Gerrit at review.typo3.org
- GitLab at git.typo3.org
- HedgeDoc at notes.typo3.org
User Removal Process
Users can remove their my.typo3.org account at any time, so we need to deal with this task regularly. We check, remove, and anonymize the accounts in each application—which is a cumbersome job and can be prone to error.
This task is not especially popular among our team members, so we were motivated to devote quite some time into automating the required actions.
As of now, most of the steps are covered by GitLab CI jobs. They are directly triggered after the deletion of a my.typo3.org account, and report their findings and changes into a single ticket. We continue to monitor the work, but we no longer need to log in and manually check every account in each application.
Dependency Management
We run about two dozen applications, which all have individual dependencies, like specific runtimes or databases. For most services, we use a container-based setup based on Docker and Docker Compose.
To help us maintain those applications, we introduced Renovate into our GitLab instance. This year, we enabled Renovate on all our projects, and only manually rollout changes after automatic preparation.
We have plans for further deployment automations, and look forward to having Renovate as an active and tireless team member preparing the groundwork for us.
Mastodon Server
We introduced a new service into our portfolio with typo3.social. This Mastodon server is used for official communications related to TYPO3 and its teams.
In July, we decided to move our own team communications over there as well, because our automation to Twitter did not work anymore. You’re very welcome to follow our account at typo3.social/@server.
Outdated Services
We still run a few outdated services where the projects are abandoned, or we cannot update to new versions for particular reasons. In July, we finally removed Pootle (the former translation server), thanks to the preparations by the Localization Team.
The remaining two applications related to mailing list/newsletter management will hopefully follow later this year.
Sprint Participation
So far, we have met once in person at the July community sprint this year. Some of us will be at the TYPO3 Developer Days, and in November, there will be another community sprint that we plan to attend.
Meet, Join, and Follow Us
During the year, we see each other in monthly video calls to coordinate our tasks. These meetings are public, and everyone is welcome to join us for questions or even just to say hello. Every few months, we meet in person at one of the community sprints, or other events.
Over the next months, you can meet us at the TYPO3 Developer Days (3–5 August, Karlsruhe, Germany) and the next community sprint (20–24 November, Düsseldorf, Germany).
We aim for open communication and processes. You can follow our work in GitLab, on our Status Page, and on Mastodon.
If you’re interested in infrastructure topics, feel free to reach out to us, and we’re looking forward to welcoming you at one of our next sprints.
